Computer Security and counter-forensics

Computer Security is essential in the wake of police repression against Internet activists involved in things like the campaign to shut down Huntingdon “Death” Sciences.

Given that most web hosts record your IP (electronic address) when you post, and that the FBI or other enemies could copy your posts in real time to a second server that does, it is up to you to protect yourself when posting anything the cops might want to use against you.

Basic rules of computer security

1: Never put anything in a computer that could put someone in jail unless there is NO other choice! Don’t take pictures or otherwise record any illegal activity unless every participant accepts the risk and it is for a public claim of responsibility.

2: Never use a home Internet connection to post anything that could allow the cops to charge you with a crime or subpoena you to a grand jury. Even Tor can be used incorrectly.

3: Always encrypt any emails concerning subjects that cannot be told directly to the cops without causing an action to fail or a person to be arrested.

4: Encrypt your fucking hard drive! Cops just love to steal computers in raids on people’s homes, but good encryption drives them NUTS. If they have 20 encrypted computers to try and crack, and only one has the files they “need,” they have a real problem on their hands.

We will be offering information here on encryption (to protect your data after police raids or other burglaries), secure browsing with everything in RAM, and wardriving (so you don’t get arrested because your ISP snitched).

If you have suggestions or scripts you believe will be useful for securing activist computers against the enemy, post them here as text comments. WARNING: all scripts will be checked; malicious code will be deleted for obvious reasons.


4 Responses to Computer Security and counter-forensics

Here is a script for linux computers that allows you to use Firefox to access the Internet without leaving any “evidence” behind on your hard disk.

I’ve used it for months on a number of Ubuntu machines. You need sudo (root) access to use it, like on your own machine where shit left behind on disk could be recovered by file recovery software even after deletion. Two defenses exist: surfing on RAM, as in this script, or using an encrypted home directory.

1: Create a new user named “ram”. This user should be given sudo privileges so you can intentionally save a file if needed, using sudo nautilus.

2: Copy the script below to the desktop and make it executable.

3: Click on it, select “run in terminal” and let it run. You will need to log back in as ram to use the volatile (nothing stored on disk) home directory.

####Begin script
#!/bin/sh
#
# Home_on_Ram.sh
################### Home_on_Ram #######################
#
# This script is for secure browsing and file handling with nothing left on disk
# unless deliberately saved other than to home or /tmp

# IT IS NECESSARY TO LOG BACK IN AFTER RUNNING THIS SCRIPT!

echo "Before you can use this script you MUST create user account 'ram'"
echo "WARNING:"
echo "you are going to be logged out - please save all work and close all programs"
echo ""
echo "log back in when this script completes as ram"
echo "You can save files to your normal /home/(username) directory with sudo nautilus"
echo "but NOTHING will go to disk by default"
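A check to go with the RAM home directory described above, added here as an example and not part of the commenter's script: it reads /proc/mounts-style and /proc/swaps-style text (constructed samples below, or the live files) to confirm that the home directory is on tmpfs and that no active swap area could carry its contents to disk. The user name ram comes from the comment; the sample data and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the commenter's script: check that a home directory really
# lives in RAM. Takes /proc/mounts-style and /proc/swaps-style text as arguments,
# so it runs on the constructed samples below or on a live system with
#   home_is_volatile "$(cat /proc/mounts)" "$(cat /proc/swaps)" /home/ram

# Constructed sample data (not captured from a real machine).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /home/ram tmpfs rw,nosuid,nodev,size=1048576k 0 0'
SAMPLE_SWAPS_NONE='Filename Type Size Used Priority'
SAMPLE_SWAPS_DISK='Filename Type Size Used Priority
/dev/sda3 partition 2097148 0 -2'

# mount_fstype MOUNTS PATH: print the filesystem type of the mount backing PATH.
# The longest mount point that is a prefix of PATH wins, so /home/ram beats /home.
mount_fstype() {
  target=$2
  best=""
  bestfs=""
  while read -r dev mnt fstype rest; do
    [ -z "$mnt" ] && continue
    if [ "$mnt" != / ]; then
      case "$target" in
        "$mnt"|"$mnt"/*) ;;
        *) continue ;;
      esac
    fi
    if [ "${#mnt}" -gt "${#best}" ]; then
      best=$mnt
      bestfs=$fstype
    fi
  done <<EOF
$1
EOF
  printf '%s\n' "$bestfs"
}

# swap_count SWAPS: number of active swap areas (every line after the header).
# tmpfs pages can be swapped out, so with swap on an unencrypted disk the
# "nothing on disk" promise of a RAM home directory does not hold.
swap_count() {
  printf '%s\n' "$1" | awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }'
}

# home_is_volatile MOUNTS SWAPS PATH: succeed only if PATH is on tmpfs and no
# swap area is active.
home_is_volatile() {
  [ "$(mount_fstype "$1" "$3")" = tmpfs ] && [ "$(swap_count "$2")" -eq 0 ]
}
home_is_volatile "$SAMPLE_MOUNTS" "$SAMPLE_SWAPS_NONE" /home/ram && echo "/home/ram is volatile"
home_is_volatile "$SAMPLE_MOUNTS" "$SAMPLE_SWAPS_DISK" /home/ram || echo "swap active: tmpfs may reach disk"
```

If the swap check fails, either disable swap or use encrypted swap before relying on the RAM home directory.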

How far will they go? Depends entirely on who and what they are investigating. I suppose the hierarchy goes like this, from least motivated to most motivated:

Prank/school
civil matters (e.g. lawsuits over adverse reviews on Yelp)
misdemeanor
felony
major felony
national security/ routine wartime events
something that could change the course of a war or cause regime change in one or more countries

How far CAN they go depends on how good a hacker you are, and on how good their hackers are.

Phones are the most easily tracked, and so many new exploits keep coming up that even a hardened phone with no cloud (Google/Apple etc) accounts, no Facebook app, no Google Maps, no Google Play services, and all ad supported apps removed is still easily tracked by whoever you get phone service from, and thus by anyone who can get a judge to sign a warrant. Don’t screw around with phones: if tracking or audio monitoring is an issue, turn phones ALL THE WAY OFF by removing the batteries or leave them home. We don’t call them “pocket snitches” for nothing. If you need to use a phone under these conditions, only a burn phone is safe, and it’s only safe until it has made one call or non-Signal text to a number that is being watched. It does not take much motivation to send a subpoena to a phone company; hell, a civil lawyer can do this in a fucking file sharing lawsuit if those ever start back up.

A laptop used only with public access wifi is harder to track unless they can get spyware on it AND it is ever used with an account traceable to you or from an IP address associated with you. That takes a lot more motivation, but if it is ever used at home, watching that is as simple as watching your ISP, provided you are not using Tor. If you are, it takes a lot more work and a lot more effort, and usually but not always investigations into activities over Tor will fail.

Tracking computers that can’t be found due to Tor usage and being able to use it in court requires first getting a warrant to tamper with your computer. This is probably a lot harder to get than a subpoena to your phone or cable company. Then they have to successfully break into your computer (or phone). In many countries commercial software sold by scumbags like Gamma Group, the Hacking Team, etc is used to do this. The FBI calls their in-house developed payload a “CIPAV” or computer internet protocol address verifier, but still has to use the same exploits the private hackers use to get in. Be alert on both phones AND on computers for links sent by any unknown or untrusted party, whether in an email to you, on some social media site you run, etc etc etc. A malicious link is often used to direct a target computer to a website customized for installing spyware. All this assumes either you block ads and trackers, or courts never decide that data purchased from the ad networks is good enough to use in court! If you let websites show ads, you are being tracked and ANYONE can buy the data on the open market, for any reason.

If you care about tracking, STOP RIGHT NOW and install Adblock (with “acceptable ads” turned OFF) and NoScript, and learn to use them. Stop using your phone for web browsing entirely; its browser does not accept the extensions necessary to stop the tracking (and the hacking).

If you are known as a hacker, that is known to often deter at least the FBI from planting their CIPAV spyware. This is because they have no way of knowing the machine they are seeing is not a honeypot set up to trap their spyware so it can be analyzed, decompiled, and the resulting source code published. This may be how they got burned in the Freedom Roads Hosting case. In that case they attacked ALL Windows machines connecting to any site hosted on that .onion platform, and one was a hacker’s machine (probably a well planned honeypot) and captured their exploit. The exploit used to get in was a cross-platform weakness in older versions of Firefox, but the payload was Windows-only. Keep in mind, Apple is maybe 5% of desktop and laptop machines, Linux maybe 1%, and things like FreeBSD a tiny fraction of that.

Needless to say, if the outcome of a war, whether or not a war or revolution starts in the first place, or probably even the outcome of an election might be changed by what they are investigating, your opponents should be considered limited only by what they physically and technically are capable of doing. No requirement for a warrant and no budgetary limitation is worth jack shit if any head of state is staring at the danger of his worst enemy’s boots marching in triumph into his national capital.

In WWII, the Nazis had the Enigma cipher machine that was almost as easy to use as a typewriter. In response, Polish engineers invented a machine known as a bombe (because it sounded like a ticking time bomb) that took up a whole room, and in a whole day could work out the key for a message that took seconds to send on a machine costing maybe a millionth as much to produce. The British had to rely on entire buildings full of these machines to crack the German naval communications, but because they did so and it worked they were able to take the edge off the U-boat (submarine) blockade and survive long enough to win instead of lose WWII. Needless to say, a corrupt banker using one of these machines (they were sold commercially before the war) could consider his communications probably secure, as nobody in British intelligence could have spared tying up the roomful of code breaking machines long enough to deal with a single crooked banker, and the local police department (or even the SEC) probably could not afford to pay for a duplicate of what the British were using at GCHQ to defeat the Nazi codes.